using System;
using System.Collections.Specialized;
using System.Data;
using SecuBat.AttackPlugin;
using Microsoft.Practices.EnterpriseLibrary.Data;
using System.Data.Common;

namespace SecuBat.AttackPlugin
{
	/// <summary>
	/// Summary description for DatabaseManager.
	/// </summary>
	public class AttackDbManager
	{
		
		public static int NewAttackerRun(String name, DateTime beginTime, DateTime endTime)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("newEAttackerRun");
			db.AddInParameter(command, "@i_Name", DbType.String, name);
			db.AddInParameter(command, "@i_BeginTime", DbType.DateTime, beginTime);
			if (endTime != DateTime.MinValue)
				db.AddInParameter(command, "@i_EndTime", DbType.DateTime, endTime);
			else
				db.AddInParameter(command, "@i_EndTime", DbType.DateTime, DBNull.Value);
			db.AddOutParameter(command, "@o_id", DbType.Int32, 4);

            if (db.ExecuteNonQuery(command) > 0)
			{
				return (int) db.GetParameterValue(command, "o_id");
			}
			return -1;
		}

		public static DataSet GetAttackerRuns()
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("lstEAttackerRun");

			DataSet ds = db.ExecuteDataSet(command);
			return ds;
		}
		
		public static int NewAttack(int idAttackerRun, int idWebForm, int idPlugin, NameValueCollection parameters, int responseCode, String responseHtml, DateTime attackTime, TimeSpan responseDuration, String exploitUrl)
		{
			String parameterNames = "";
			String parameterValues = "";
			AttackDbManager.BuildParameterStrings(parameters, ref parameterNames, ref parameterValues);
			
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("newEAttack");
			db.AddInParameter(command, "@i_IDAttackerRun", DbType.Int32, idAttackerRun);
			db.AddInParameter(command, "@i_IDWebForm", DbType.Int32, idWebForm);
			db.AddInParameter(command, "@i_IDPlugin", DbType.Int32, idPlugin);
			db.AddInParameter(command, "@i_ParameterNames", DbType.String, parameterNames);
			db.AddInParameter(command, "@i_ParameterValues", DbType.String, parameterValues);
			db.AddInParameter(command, "@i_ResponseCode", DbType.Int32, responseCode);
			db.AddInParameter(command, "@i_ResponseHtml", DbType.String, responseHtml);
			db.AddInParameter(command, "@i_AttackTime", DbType.DateTime, attackTime);
			db.AddInParameter(command, "@i_ResponseDuration", DbType.Int32, (int) responseDuration.TotalMilliseconds);
			db.AddInParameter(command, "@i_ExploitUrl", DbType.String, exploitUrl);
			db.AddOutParameter(command, "@o_id", DbType.Int32, 4);

            if (db.ExecuteNonQuery(command) > 0)
			{
				return (int) db.GetParameterValue(command, "o_id");
			}
			return -1;
		}

		public static DataSet GetAttacks(int idWebForm)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("lstEAttack");
			db.AddInParameter(command, "@i_IDWebForm", DbType.Int32, idWebForm);

			DataSet ds = db.ExecuteDataSet(command);
			return ds;
		}

		public static DataSet GetAttackReport(int idRun)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("lstAttackReport");
			db.AddInParameter(command, "@i_IDRun", DbType.Int32, idRun);

			DataSet ds = db.ExecuteDataSet(command);
			return ds;
		}

		public static DataSet GetSmallAttackReport(int idRun, int minResult)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("lstAttackSmallReport");
			db.AddInParameter(command, "@i_IDRun", DbType.Int32, idRun);
			db.AddInParameter(command, "@i_MinResult", DbType.Int32, minResult);

			DataSet ds = db.ExecuteDataSet(command);
			return ds;
		}

		public static int NewAnalysis(int idAttack, int idPlugin, int analysisResult, String analysisText)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("newEAnalysis");
			db.AddInParameter(command, "@i_IDAttack", DbType.Int32, idAttack);
			db.AddInParameter(command, "@i_IDPlugin", DbType.Int32, idPlugin);
			db.AddInParameter(command, "@i_AnalysisResult", DbType.Int32, analysisResult);
			db.AddInParameter(command, "@i_AnalysisText", DbType.String, analysisText);
			db.AddOutParameter(command, "@o_id", DbType.Int32, 4);

            if (db.ExecuteNonQuery(command) > 0)
			{
				return (int) db.GetParameterValue(command, "o_id");
			}
			return -1;
		}
		
		public static DataSet GetAttack(int id)
		{
			Database db = DatabaseFactory.CreateDatabase();
			DbCommand command = db.GetStoredProcCommand("lstEAttack");
			db.AddInParameter(command, "@i_ID", DbType.Int32, id);

			DataSet ds = db.ExecuteDataSet(command);
			return ds;
		}

		private static void BuildParameterStrings(NameValueCollection parameters, ref String parameterNames, ref String parameterValues)
		{
			foreach (String key in parameters.AllKeys)
			{
				parameterNames += key + ",";
				parameterValues += parameters[key] + ",";
			}
			if (parameterNames.Length > 0)
				parameterNames = parameterNames.Substring(0, parameterNames.Length - 1);
			if (parameterValues.Length > 0)
				parameterValues = parameterValues.Substring(0, parameterValues.Length - 1);
		}



	}
}
